Adversaries may implant cloud or container images with malicious code to establish persistence after gaining access to an environment. Amazon Web Services (AWS) Amazon Machine Images (AMIs), Google Cloud Platform (GCP) Images, and Azure Images as well as popular container runtimes such as Docker can be implanted or backdoored. Unlike Upload Malware, this technique focuses on adversaries implanting an image in a registry within a victim’s environment. Depending on how the infrastructure is provisioned, this could provide persistent access if the infrastructure provisioning tool is instructed to always use the latest image.(Citation: Rhino Labs Cloud Image Backdoor Technique Sept 2019)
A tool has been developed to facilitate planting backdoors in cloud container images.(Citation: Rhino Labs Cloud Backdoor September 2019) If an adversary has access to a compromised AWS instance, and permissions to list the available container images, they may implant a backdoor such as a Web Shell.(Citation: Rhino Labs Cloud Image Backdoor Technique Sept 2019)
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
PR.AA-05.02 | Privileged system access | Mitigates | T1525 | Implant Internal Image | This diagnostic statement protects against Implant Internal Image through the use of privileged account management and the use of multi-factor authentication. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1525 | Implant Internal Image | This diagnostic statement protects against Implant Internal Image through verifying the integrity of software/firmware, loading only trusted software, ensuring privileged process integrity and checking software signatures. |
PR.AA-05.01 | Access privilege limitation | Mitigates | T1525 | Implant Internal Image | This diagnostic statement describes the implementation of the least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Limit permissions associated with creating and modifying platform images or containers based on the principle of least privilege. |
PR.PS-01.03 | Configuration deviation | Mitigates | T1525 | Implant Internal Image | This diagnostic statement provides protection from Implant Internal Image through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations. |
PR.PS-01.09 | Virtualized end point protection | Mitigates | T1525 | Implant Internal Image | The diagnostic statement highlights several mechanisms that organizations can implement to protect endpoint systems using virtualization technologies, essentially hypervisor hardening. With this technique, adversaries may implant cloud or container images with malicious code to establish persistence after gaining access to an environment. Periodically baselining virtual machine images to identify malicious modifications or additions may aid in mitigating this technique and in mitigating interactions with anomalously modified images. |
PR.PS-01.09 | Virtualized end point protection | Mitigates | T1525 | Implant Internal Image | The diagnostic statement highlights several mitigating controls that organizations can implement to protect endpoint systems using virtualization technologies. Adversaries may implant cloud or container images with malicious code to establish persistence after gaining access to an environment. Periodically checking the integrity of images and containers used in virtualized deployments to ensure they have not been modified to include malicious software may aid in mitigating this type of adversary technique. |
EX.MM-01.01 | Third-party monitoring and management resources | Mitigates | T1525 | Implant Internal Image | This diagnostic statement provides for the implementation of procedures for the management of third-party products, such as ensuring cloud service providers support content trust models that require container images to be signed by a trusted source. |
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
docker_host_hardening | Microsoft Defender for Cloud: Docker Host Hardening | technique_scores | T1525 | Implant Internal Image | This control may alert on Docker containers that are misconfigured or do not conform to CIS Docker Benchmarks. This may result in detection of container images implanted within Linux VMs with specific vulnerabilities or misconfigurations for malicious purposes. |
ai_security_recommendations | Microsoft Defender for Cloud: AI Security Recommendations | technique_scores | T1525 | Implant Internal Image | This control's "Container images should be deployed from trusted registries only", "Container registries should not allow unrestricted network access" and "Container registries should use private link" recommendations can help ensure that container images are only loaded from trusted registries, thereby mitigating this technique. |
alerts_for_linux_machines | Alerts for Linux Machines | technique_scores | T1525 | Implant Internal Image | This control may alert on suspicious container images running mining software or SSH servers. Privileged Docker containers and privileged commands running within containers may also be detected. These alerts are only generated for containers on Linux endpoint machines and not for containers running from an Azure Docker deployment. |
azure_policy | Azure Policy | technique_scores | T1525 | Implant Internal Image | This control may provide recommendations to enable scanning and auditing of container images. This can provide information on images that have been added with high privileges or vulnerabilities. |
defender_for_containers | Microsoft Defender for Containers | technique_scores | T1525 | Implant Internal Image | This control may scan and alert on import or creation of container images with known vulnerabilities or a possible expanded surface area for exploitation. |
defender_for_containers | Microsoft Defender for Containers | technique_scores | T1525 | Implant Internal Image | This control may alert on containers with sensitive volume mounts, unneeded privileges, or running an image with digital currency mining software. |
defender_for_containers | Microsoft Defender for Containers | technique_scores | T1525 | Implant Internal Image | This control may prevent adversaries from implanting malicious container images through fine-grained permissions and the use of container image tag signing. Image tag signing allows for verifiable container images that have been signed with legitimate keys. |
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
artifact_analysis | Artifact Analysis | technique_scores | T1525 | Implant Internal Image | Artifact Analysis performs vulnerability scans on artifacts in Artifact Registry or Container Registry (deprecated). When Artifact Analysis is deployed, this security solution can detect known vulnerabilities in Docker containers. This information can be used to detect images that deviate from the baseline norm, which could indicate malicious implanted images in the environment. Due to the medium threat detection coverage and temporal factor, the control was scored as partial. |
binary_authorization | Binary Authorization | technique_scores | T1525 | Implant Internal Image | Each image is digitally signed by a signer using a private key. At deploy time, the enforcer uses the attester's public key to verify the signature in the attestation. |
gke_enterprise | GKE Enterprise | technique_scores | T1525 | Implant Internal Image | GKE Enterprise incorporates the Anthos Config Management feature to prevent configuration drift with continuous monitoring of your cluster state, using the declarative model to apply policies that enforce compliance. This control can periodically check the integrity of images and containers used in cloud deployments to ensure that adversaries cannot implant malicious code to gain access to an environment. |
google_kubernetes_engine | Google Kubernetes Engine | technique_scores | T1525 | Implant Internal Image | After scanning for vulnerabilities, this control may alert personnel to tampered container images that could be running in a Kubernetes cluster. |
security_command_center | Security Command Center | technique_scores | T1525 | Implant Internal Image | SCC is able to detect modifications that were not part of the original container image. Because of the high threat detection coverage and near-real-time temporal factor, this control was graded as significant. |
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
aws_config | AWS Config | technique_scores | T1525 | Implant Internal Image | The following AWS Config managed rules can identify running instances that are not using AMIs within a specified allow list: "approved-amis-by-id" and "approved-amis-by-tag", both of which are run on configuration changes. This does not provide detection of the image implanting itself, but does provide detection for any subsequent use of images that are implanted and not present within the allow list, resulting in a score of Minimal. |
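The AWS Config row above describes allow-list checks over running instances rather than detection of the implant itself. The following is an added example, not code from the mapping page, MITRE, or AWS: an offline re-implementation of the allow-list logic those two managed rules apply, run over constructed instance and image records. The record field names, the sample AMI ids and tags, and the choice to report an instance whose image can no longer be looked up as non-compliant are assumptions made for the example; as with the real rules, nothing here sees the moment an image is implanted, only its later use.

```python
# Added example (not from the mapping page, MITRE, or AWS): offline
# re-implementation of the allow-list semantics of the AWS Config managed rules
# approved-amis-by-id and approved-amis-by-tag, applied to running instances.
# Instance/Image records are constructed stand-ins for describe-instances and
# describe-images output; field names are an assumption of this example.
from dataclasses import dataclass, field

COMPLIANT = "COMPLIANT"
NON_COMPLIANT = "NON_COMPLIANT"


@dataclass
class Instance:
    instance_id: str
    image_id: str
    state: str  # "running", "stopped", ...


@dataclass
class Image:
    image_id: str
    tags: dict = field(default_factory=dict)


# Constructed sample data: two tagged-approved AMIs, one AMI with no approval
# tag, one instance whose AMI is no longer registered, one stopped instance.
SAMPLE_IMAGES = {
    "ami-0000aaaa": Image("ami-0000aaaa", {"Approved": "true", "Team": "platform"}),
    "ami-0000bbbb": Image("ami-0000bbbb", {"Approved": "true"}),
    "ami-0000cccc": Image("ami-0000cccc", {"Team": "platform"}),
}
SAMPLE_INSTANCES = [
    Instance("i-01", "ami-0000aaaa", "running"),
    Instance("i-02", "ami-0000bbbb", "running"),
    Instance("i-03", "ami-0000cccc", "running"),
    Instance("i-04", "ami-0000dddd", "running"),  # image not in SAMPLE_IMAGES
    Instance("i-05", "ami-0000cccc", "stopped"),  # not running: not evaluated
]


def running(instances):
    """Both rules evaluate running instances only."""
    return [i for i in instances if i.state == "running"]


def evaluate_by_id(instances, approved_ids):
    """approved-amis-by-id semantics: a running instance is compliant only if
    its AMI id is on the allow list."""
    allow = set(approved_ids)
    return {
        i.instance_id: (COMPLIANT if i.image_id in allow else NON_COMPLIANT)
        for i in running(instances)
    }


def evaluate_by_tag(instances, images, required_tags):
    """approved-amis-by-tag semantics: a running instance is compliant if its
    AMI carries every required tag key and, where a value is given, that value.
    Assumption for this example: an AMI that cannot be looked up cannot be
    verified, so the instance is reported NON_COMPLIANT."""
    results = {}
    for inst in running(instances):
        image = images.get(inst.image_id)
        if image is None:
            results[inst.instance_id] = NON_COMPLIANT
            continue
        ok = all(
            key in image.tags and (value is None or image.tags[key] == value)
            for key, value in required_tags.items()
        )
        results[inst.instance_id] = COMPLIANT if ok else NON_COMPLIANT
    return results


def noncompliant_ids(results):
    """Instances worth an alert: running from an AMI outside the allow list."""
    return sorted(k for k, v in results.items() if v == NON_COMPLIANT)


if __name__ == "__main__":
    by_id = evaluate_by_id(SAMPLE_INSTANCES, ["ami-0000aaaa"])
    by_tag = evaluate_by_tag(SAMPLE_INSTANCES, SAMPLE_IMAGES, {"Approved": "true"})
    print("by id :", noncompliant_ids(by_id))   # ['i-02', 'i-03', 'i-04']
    print("by tag:", noncompliant_ids(by_tag))  # ['i-03', 'i-04']
```

The two checks disagree on `i-02` on purpose: an id allow list is exact but must be maintained every time a golden image is rebuilt, while a tag allow list follows the image pipeline but is only as trustworthy as the permissions that control who can tag an AMI, which is why the least-privilege rows above matter alongside this one.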